Chapter: Configuring Zero Touch Provisioning

Configuring Zero Touch Provisioning

Zero Touch Provisioning (ZTP) works as a Third Party App (TPA) in Route-Switch Processor (RSP) and Route Processor (RP). ZTP was designed to perform
two different operations:

Download and apply an initial configuration.

Download and execute a shell script.

If the downloaded file content starts with !! IOS XR, it is treated as a configuration file, and ZTP performs the apply_config action on it.

If the downloaded file content starts with #! /bin/bash, #! /bin/sh or #!/usr/bin/python, it is treated as a script file, and ZTP executes the script.
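
Because the first line alone decides whether a downloaded file is applied or executed, a provisioning server can check each artifact before serving it. The following added example (not Cisco code) classifies a file by the header rules above and compares it with a pinned SHA-256 digest; the manifest layout, file name, sample contents and the tolerance for optional blanks after "#!" are assumptions of this sketch.

```python
import hashlib
import re

# Header rules from the text above. Tolerating optional blanks after "#!" is
# an assumption of this sketch; the page prints "#! /bin/bash" and
# "#!/usr/bin/python" with different spacing.
CONFIG_HEADER = b"!! IOS XR"
SCRIPT_HEADER = re.compile(rb"#![ \t]*(/bin/bash|/bin/sh|/usr/bin/python)")


def classify(content: bytes) -> str:
    """Classify by the page's header rules: 'config', 'script' or 'unknown'."""
    if content.startswith(CONFIG_HEADER):
        return "config"
    if SCRIPT_HEADER.match(content):
        return "script"
    return "unknown"


def review(name: str, content: bytes, manifest: dict) -> list:
    """Return findings for one artifact; an empty list means it may be published."""
    if name not in manifest:
        return [f"{name}: not listed in manifest"]
    findings = []
    expected_kind, pinned_sha256 = manifest[name]
    kind = classify(content)
    if kind != expected_kind:
        findings.append(f"{name}: header classifies as {kind}, expected {expected_kind}")
    if hashlib.sha256(content).hexdigest() != pinned_sha256:
        findings.append(f"{name}: SHA-256 does not match pinned value")
    return findings


# Constructed sample data (hypothetical file name and contents).
GOOD = b"!! IOS XR\ninterface MgmtEth0/RP0/CPU0/0\n no shutdown\n!\nend\n"
MANIFEST = {"day0.cfg": ("config", hashlib.sha256(GOOD).hexdigest())}
SAMPLES = {
    "unchanged": GOOD,
    "script header prepended": b"#!/bin/bash\n" + GOOD,
    "UTF-8 BOM prepended": b"\xef\xbb\xbf" + GOOD,
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, "->", review("day0.cfg", data, MANIFEST) or "OK")
```

The check fails closed: a file with an unrecognised header, or one whose header no longer matches its intended type, is reported even before the digest comparison.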

ZTP works as follows:

XR scripts that run on boot invoke a DHCP request.

The DHCP server returns either a user script or a configuration file.

Download the user script or configuration file.

Execute the downloaded user script or apply the downloaded configuration.

Prior to Cisco IOS XR Release 6.3.1, ZTP was executed within the default network namespace and could not access the data interfaces
directly. Starting with Cisco IOS XR Release 6.3.1, ZTP is executed inside the global Virtual Routing and Forwarding (VRF)
network namespace with full access to all the data interfaces.

When the ZTP process encounters any error, or when ZTP quits or terminates, it reverts to the initial configuration that existed
before the ZTP process started.

ZTP Switches between Management and Data Port

From Cisco IOS XR Release 6.5.1, during the fresh boot of a router, the auto ZTP process is initiated from the management port and switches to the data port. The
following events cause the ZTP process to switch between the management and data ports:

When ZTP does not find an active interface within 10 seconds.

When ZTP does not receive a DHCP response and the time elapsed since dhclient started is greater than 128 seconds.

When ZTP encounters an error.

The below flow diagram illustrates the ZTP process.

Figure 1. ZTP Process Flow Sequence

Note

During fresh boot or manual invocation, ZTP enables IPv6 on all data port interfaces in the dataport mode.

Manual ZTP Invocation

Zero Touch Provisioning (ZTP) can be invoked manually via CLI commands. Manual invocation lets you provision the
router in stages and is ideal for testing a ZTP configuration without a reboot. To invoke ZTP on an interface (data
port or management port), you do not have to bring up and configure the interface first. You can execute the ztp initiate command even if the interface is down; the ZTP script brings it up and invokes dhclient. ZTP can therefore run over all interfaces,
whether they are up or down.

Use the ztp initiate, ztp breakout, ztp terminate, and ztp clean commands to force ZTP to run over more interfaces.

ztp initiate — Invokes a new ZTP DHCP session. Logs can be found in /disk0:/ztp/ztp.log.

ztp terminate — Terminates any ZTP session in progress.

ztp breakout — Performs 4x10 breakout detection.

ztp clean — Removes all ZTP files saved on disk.

From release 6.2.3, the log file ztp.log is saved in the /var/log folder, and a copy of the log file is available at /disk0:/ztp/ztp.log through a soft link. However, executing ztp clean clears the files saved on disk and not those in the /var/log folder, where the current ZTP logs are saved. To have a log from the current ZTP run, you must manually clear the ZTP log
file from the /var/log/ folder.

For more information of the commands, see the ZTP command chapter in the .

This task shows the most common use case of manual ZTP invocation: invoke 4x10 breakout discovery and ZTP.

SUMMARY STEPS

ztp breakout

ztp initiate dataport

DETAILED STEPS

Step 1

Command or Action: ztp breakout

Example:

RP/0/RP0/CPU0:router# ztp breakout

Purpose: Tries 4x10 breakout on 100 GE interfaces that support breakout and are operationally down after no-shut. If the 10x10
breakout configuration brings any 10GE interface operationally up, the breakout configuration stays; otherwise it is
reverted.

Step 2

Command or Action: ztp initiate dataport

Example:

RP/0/RP0/CPU0:router# ztp initiate dataport

Purpose: Invokes DHCP sessions on all data ports that are up or could be brought up. ZTP runs in the background. Use show logging or look at /disk0:/ztp/ztp.log to check progress.

ZTP Bootscript

If you want to hard code a script to be executed on every boot, configure the following.

conf t
ztp bootscript /disk0:/myscript
commit

The above configuration will wait for the first data-plane interface to be configured and then wait an additional minute for
the management interface to be configured with an IP address, to ensure that we have connectivity in the third party namespace
for applications to use. If the delay is not desired, use:

conf t
ztp bootscript preip /disk0:/myscript
commit

Note

When the above command is first configured, you are prompted whether you wish to invoke it now. The prompt helps with testing.

ZTP Utilities

ZTP includes a set of shell utilities that can be sourced within the user script. ztp_helper.sh is a shell script that provides simple utilities to access some XR functionalities. The following bash functions can be invoked:

xrapply_with_extra_auth—Used to apply XR configuration that requires authentication, in the XR namespace via a file. The xrapply_with_extra_auth API is used when applying configurations that require additional authentication, such as alias and flex groups.

xrreplace_with_extra_auth—Used to apply an XR configuration replace in the XR namespace via a file. The xrreplace_with_extra_auth API is used when applying configurations that require additional authentication, such as alias and flex groups.

Examples

ZTP logs its operation on the flash file system in the directory /disk0:/ztp/. ZTP logs all the transactions with the DHCP server and all the state transitions. Prior executions of ZTP are also logged
in /disk0:/ztp/old_logs/.

The following example displays the execution of a simple configuration script downloaded from a data interface using the command
ztp initiate interface Ten 0/0/0/0 verbose. This script unshuts all the interfaces of the system and configures a load interval of 30 seconds on all of them.